jefe Premium Member join:2001-05-19 Northport, NY
2003-Oct-29 2:39 pm
Audio spam - How is it getting in?
This is a new one on me folks.
I just fired up BBR with IE and was browsing my favorite forums and what I can best describe as an audio spam started playing.
It was a poor quality recording so it's hard for me to be sure what it was advertising, but it sounded like some kind of movie coming this holiday season.
Hell, it just played again. Elf, rated PG.
I'm running nod32. I've done a full scan. All my ports are stealth-ed. I use OE6 but don't ever have the preview window enabled and I always shift-delete any messages I don't recognize.
Has anyone else experienced the audio spam I'm getting? And does anyone have a clue how it got into my system?
TIA
--jeff
edit: More info...I found the files that are being played and found it somehow rode in on AIM. If I close AIM in the middle of the sound bite, it stops it.
The 3 files are: aim_ELFInc.js elAUD.eye elf350.eye
[text was edited by author 2003-10-29 14:52:34] |
|
|
You're saying you think it's from BBR/DSLR? I suppose someone could be fooling around with embedding a script to call a flash object (one that's just sound) or somehow linking some other type of sound file. Do you know exactly what threads you were in? If it is from here, you may be able to locate it. Otherwise, might you have other spyware installed? You could scan with either/both Ad-Aware or Spybot S&D. |
|
jefe Premium Member join:2001-05-19 Northport, NY |
2003-Oct-29 2:53 pm
I thought it might've been for a minute, but I now realize it was just a coincidence that it happened shortly after I fired up BBR.
Sorry if I gave anyone the impression that BBR was in any way involved. |
|
panth1The Coyote join:2000-12-11 Port Saint Lucie, FL
|
to jefe
I just got this not 5 minutes ago and came to this forum :P
My friend said he got this yesterday and I was like wtf you talking about and now it just happened.
I'm running DeadAIM and it was "downloaded" by one of my friends so I wonder if someone hacked it to include this. |
|
jefe Premium Member join:2001-05-19 Northport, NY |
2003-Oct-29 3:00 pm
I'm running DeadAim V4 also. One other thing, I just got a notification from JDennis that V4.1 was available. I went to their web site to get it and I wonder if that's where the culprit files could've come from?
(I didn't get DeadAIM 4.1 because they want me to give them my friggin' birthday to register with them. I oppose giving out that info for a casual registration on principle, but that's another thread....) |
|
|
halc to jefe
Member
2003-Oct-30 10:14 am
I'm not sure I understand you, but playing an embedded background sound without user control is one of the very basic features of Internet Explorer (and many other browsers).
Or did you mean something completely else?
I block all automatic video/sound embed links using Proxomitron web filter. |
|
Daemon Premium Member join:2003-06-29 Washington, DC |
Daemon to jefe
2003-Oct-30 10:17 am
Unfortunately, AOL has started spamming AIM users with audio ads. At the same time, DeadAIM only hides the ads.
What is happening is that the ad is playing, but DeadAIM has made it invisible. |
|
jefe Premium Member join:2001-05-19 Northport, NY |
jefe to halc
2003-Oct-30 10:22 am
I have all those features disabled in IE too.
It took a little while before I found that closing AIM would stop the audio file from playing.
AIM is big on advertising banners, which DeadAim blocks. I wonder if that JavaScript and the files associated with it were just a new way of AIM pushing advertisements?
The issue hasn't resurfaced since I found and deleted the 3 files I mentioned above, which were in \Documents and Settings\user-me\Local Settings\Temporary Internet Files. (XP Pro) |
|
|
jefe to Daemon
2003-Oct-30 10:23 am
said by Daemon: Unfortunately, AOL has started spamming AIM users with audio ads. At the same time, DeadAIM only hides the ads.
What is happening is that the ad is playing, but DeadAIM has made it invisible.
Yep...that's just the conclusion I came to. Maybe JDennis will find a way to let you select blocking the audio ads as well. Or maybe it's just time to find another IM client and service. |
|
Daemon Premium Member join:2003-06-29 Washington, DC |
2003-Oct-30 1:57 pm
it's simple enough to monitor your connections via netstat and then add the AOL ad server to your host file so that it loops back to localhost.
This also keeps AOL from downloading any ads normally, but deadaim has the additional benefit of hiding the space where the ad normally goes.
-Ryan |
|
jefe Premium Member join:2001-05-19 Northport, NY |
2003-Oct-30 2:00 pm
Do you happen to know what the IP or URL is of the AOL ad server? |
|
|
to jefe
Hmmmm, I wonder if that is only happening on newer versions of AIM? I am running 4.7.2480 and have not had the problem. However, if you would like to continue using the AIM service and want to use a different client, Trillian works very well with AIM (and it has no ads or spyware). They have a free Basic Version and a paid Pro Version - both very popular with some of our members here. You can use Trillian with your existing AIM screen names and you can transfer your buddy list, if you have saved it from AIM. Trillian will also allow you to use other chat clients like ICQ and Yahoo, MSN, and IRC
» www.ceruleanstudios.com
I wrote a tutorial in another forum that might help if you decide to try it :)
How to Set up & Use Trillian with AIM
» forum.gladiator-antiviru ··· pic=5116 |
|
jefe Premium Member join:2001-05-19 Northport, NY |
2003-Oct-30 2:08 pm
I used Trillian for a while CJ. I didn't like it as well as the native AIM client. I can't remember why...it's been a year or so.
I'm going to work trying to block the ad server before I give up on AIM.
Tnx.
--jeff |
|
|
Yep, I prefer the AIM client too. For now, I think I am safe from the elf with my older version |
|
jefe Premium Member join:2001-05-19 Northport, NY |
2003-Oct-30 2:43 pm
So it's back...with more files than before. The screen grab shows the files in my temp folder. Can anyone suggest what URL I should block, and the exact syntax to use in hosts? |
|
|
to jefe
This is soooooo not good. I found this on google but could only get the cached link to show the news story (so if this link doesn't work - just google for AOL audio ads)
AOL Tests TV Ads in AIM
quote: Users also will be able to stop, rewind, and replay the spots at will, Bernstein said
"The user is going to be in control," he added. "That goes back to us being very careful with our users and wanting to make it a great experience, so we've taken some safeguards -- if a user wants to stop it, they can stop it, if they want to replay it, they can."
However, they won't be able to control an ad's initial use of sound -- instead, that will be initiated by the ad server.
Sounds Ads...seems to be a growing trend
Related story here: » www.wired.com/news/ebiz/ ··· ,00.html |
|
jefe Premium Member join:2001-05-19 Northport, NY |
2003-Oct-30 3:16 pm
Right. Just what we need. More ads blaring at us. If I can't find a way to block that noise I will for sure dump AIM and find another way to IM. Not that AOL is losing any sleep over the possibility of losing me. |
|
Epyon9283 Premium Member join:2001-12-26 Trenton, NJ |
to jefe
Just use a different AIM client like Trillian or Gaim. They don't have any ads. |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI |
to jefe
Extension: EYE
Program and/or Extension Function: Eyeris Encoded Audio/Video File
Company: Eyewonder, Inc.
Specific Notes: Eyeris is the backbone of EyeWonder's technology, an encoding algorithm that supports Web, E-mail and wireless environments from narrowband up. EyeWonder is Java-based streaming media technology. The procedure for all EyeWonder audio/video files begins with the encoding (compressing) process via the Eyeris technology into .EYE files.
» www.eyewonder.com/ |
|
Daemon Premium Member join:2003-06-29 Washington, DC
|
to jefe
from the firewall logs i keep, i'd host out
aim-charts.pf.aol.com www.aim.com aim.aol.com ar.alwola.com
for the specific ad I'd block www.empiremovies.com xlonhcld.xlontech.net (which is where the player is coming from)
also, you can try uninstalling viewpoint media player from add/remove (aim installs it automatically)
AIM connects to AIM.com and then is redirected to a different site, which i think is the atwola site. |
|
|
to jefe
betcha it is coming in via some kind of messenger. |
|
jefe Premium Member join:2001-05-19 Northport, NY |
to Daemon
ryi...
I think aim.com, aim.aol.com, and ar. alwolda.com, are all servers used for the basic AIM functionality.
I looked at xlontech.net and it doesn't seem like this kind of crap is their forte, but I will hosts it and empire.com out.
Good find about viewpoint media player. I've uninstalled it and maybe that alone is enough?
Thanks for the suggestions.
--jeff |
|
Daemon Premium Member join:2003-06-29 Washington, DC |
to jefe
those first three servers that i listed connect on port 80.
I didn't list any of the servers that connect on port 5190, but it's possible AIM is connecting to one on port 80 and 5190. |
|
jefe Premium Member join:2001-05-19 Northport, NY |
2003-Oct-30 7:43 pm
Port 80 is blocked by my ISP. Port 5190 is used by AIM for its basic function. I have to expect that if I blocked 5190 myself I'd have no AIM. |
|
GlaiceBrutal Video Vault Premium Member join:2002-10-01 North Babylon, NY
1 recommendation |
to CalamityJane
Dang you, I was about to plug Trillian also! |
|
Daemon Premium Member join:2003-06-29 Washington, DC |
Daemon to jefe
2003-Oct-30 10:48 pm
sorry- i meant your computer connects to the first three on their port 80. |
|
|
to jefe
Funny...I never had this problem and all of a sudden, I came to this thread and I heard the Matrix Revolutions trailer ad. Stupid AIM! |
|
arden625 |
said by "the article": America Online said it would restrict the number of times a user is exposed to one of the ads to about two per day. Tightly limiting the ads' frequency is an effort to avoid what is known in marketing parlance as "ad burnout," a loss of advertising efficacy due to overexposure -- but also helps to ensure that AIM users don't become overly annoyed.
Eh? I received ONE and I'm annoyed already. Urge to use ICQLite...rising... |
|
jefe Premium Member join:2001-05-19 Northport, NY |
2003-Oct-31 9:17 am
I think the guy who thought up that idea should be shot.
"Overly annoyed?" Give me a break. It took 10 seconds the first time it played before I was overly annoyed.
FWIW, it seems, so far, that uninstalling viewpoint media player and blocking empiremovies.com and xlonhcld.xlontech.net in my hosts file have stopped any further occurrences of this new plague.
--jeff |
|
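Added example, not part of any post in this thread: a Python sketch of the hosts-file loopback approach discussed above, answering the "exact syntax" question with one `address hostname` pair per line. The hostnames are the ones quoted in the thread; the sample file, the `sinkhole` and `active_entries` names and the 192.0.2.10 address are constructed for illustration.

```python
import re

SINK = "127.0.0.1"
# Hostnames quoted in the thread. A hosts entry matches one exact name only,
# so the bare domain and its www. form each need their own line.
BLOCK = ["www.empiremovies.com", "empiremovies.com", "xlonhcld.xlontech.net"]

# Constructed sample file, not taken from anyone's machine.
SAMPLE = """\
# sample hosts file
127.0.0.1    localhost
127.0.0.1    xlonhcld.xlontech.net   # already looped back
192.0.2.10   empiremovies.com        # stale entry pointing elsewhere
"""

def active_entries(text):
    """Yield (address, names) for each non-comment line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield fields[0], [n.lower() for n in fields[1:]]

def sinkhole(text, names, sink=SINK):
    """Append loopback lines for names that are not mapped yet.

    Returns (new_text, added, conflicts). A conflict is a name already mapped
    to a non-loopback address: the earlier line is normally the one used, so
    it has to be edited by hand rather than overridden by appending.
    """
    mapped = {}
    for addr, hosts in active_entries(text):
        for h in hosts:
            mapped.setdefault(h, addr)
    added, conflicts = [], []
    for raw in names:
        name = raw.strip().lower().rstrip(".")
        # Hosts files take hostnames, not URLs: reject schemes, paths, ports.
        if not re.fullmatch(r"[a-z0-9]([a-z0-9.-]*[a-z0-9])?", name):
            raise ValueError(f"not a bare hostname: {raw!r}")
        addr = mapped.get(name)
        if addr is None:
            added.append(name)
            mapped[name] = sink
        elif addr not in (sink, "0.0.0.0"):
            conflicts.append((name, addr))
    if text and not text.endswith("\n"):
        text += "\n"
    return text + "".join(f"{sink}\t{n}\n" for n in added), added, conflicts

if __name__ == "__main__":
    print(*sinkhole(SAMPLE, BLOCK), sep="\n")
```

Running it twice on its own output adds nothing the second time, so it is safe to re-run after each new hostname turns up in netstat or firewall logs.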
pcdebbbirdbrain Premium Member join:2000-12-03 Brandon, FL ARRIS DG1670
|
to jefe
said by jefe: I thought it might've been for a minute, but I now realize it was just a coincidence that it happened shortly after I fired up BBR.
Sorry if I gave anyone the impression that BBR was in any way involved.
this just happened to me as well! I'm not running deadAIM tho. I got no windows pop up from aim or anything, all i had open is an IM window chatting with someone and bbr, i was on an other forum and moved to another one and got the weird sound. (sounded like a movie trailer?) |
|